Posted by Kevin D. on 11/17/11 11:40
"Skeets" <skillet3232@yahoo.com> wrote in message
news:1139509124.096351.108150@g44g2000cwa.googlegroups.com...
> i'm passing session and hidden variables between pages. not to mention
> post values.
>
> i'm a little concerned that someone with sufficient knowledge could
> spoof these values and manipulate the program.
>
> is this a valid concern? i'm thinking i can check the submitting page
> setting up something around the following code...
>
> $base_name = basename($_SERVER['PHP_SELF']);
>
> is this a good bet? is there a better way?
>
> tia...
>
> ps - posted this on php.general and, after 2 days w/o a response,
> realized that probably wasn't the best place to post it.
>
this is a very interesting thread and i'm learning a lot (of course some of
it is over my head)... i'd like to clarify something, what exactly are we
defending against?
in other words, i understand the concept of someone spoofing to hack my
application... but what does this mean if my application is a basic content
manager for a website? what are the true repercussions and possible
worst-case scenarios that can take place?
- kevin